Information Exposure Vulnerability in Essential Addons for Elementor WordPress Plugin
CVE-2026-7665

5.3MEDIUM

What is CVE-2026-7665?

The Essential Addons for Elementor plugin for WordPress contains an information exposure vulnerability through its ajax_load_more function. This flaw, present in all versions up to 6.6.4, allows unauthorized users to access sensitive data, including posts marked as password protected, private, or draft. The vulnerability arises from a lack of adequate restrictions governing which posts can be retrieved, potentially permitting bad actors to extract confidential information without proper authentication.

Affected Version(s)

Essential Addons for Elementor – Popular Elementor Templates & Widgets 0 <= 6.6.4

References

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anirudh Makkar
.